
PowerWare ransomware pretends to be Locky variant

Jul 23, 2016

Security researchers at Unit 42, the threat intelligence team of Palo Alto Networks, have discovered a new version of the PowerWare ransomware that masquerades as the well-known Locky family. The malware encrypts files only partially and is easy to remove.

The researchers write that the ransomware gives encrypted files the .locky extension and also copies the ransom message with which Locky demands payment. By posing as a known ransomware family, the criminals behind this variant hope that victims will still go ahead and pay. According to Unit 42, PowerWare has imitated other malware before.

This form of ransomware encrypts only the first 2048 bytes of each file on the victim's computer, using 128-bit AES. In addition, the decryption key is present in the malware's source code, which makes the infection easy to undo. The researchers have published a tool for this purpose.
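
The partial-encryption scheme described above, as an added example that is not the page's or Unit 42's code: a small model of what a decryptor for such a sample has to do. The page states only that the first 2048 bytes of a file are AES-128 encrypted with a key embedded in the script and that files receive a .locky extension; the key and nonce values, the choice of CTR mode, the handling of the .locky suffix and every function name below are assumptions made for this example. AES-128 is implemented in pure Python (forward direction only, which is all CTR mode needs) so the script runs on the standard library alone, and a FIPS-197 known-answer check guards the cipher core.

```python
import os

CHUNK = 2048            # PowerWare touches only this many leading bytes
LOCKY_EXT = ".locky"    # extension borrowed from Locky
# Constructed stand-ins for the key/nonce a real sample embeds in its script.
EMBEDDED_KEY = bytes.fromhex("0f1e2d3c4b5a69788796a5b4c3d2e1f0")
EMBEDDED_NONCE = bytes.fromhex("0011223344556677")

def _xtime(a):
    """Multiply by x in GF(2^8) modulo the AES polynomial."""
    a <<= 1
    return (a ^ 0x1B) & 0xFF if a & 0x100 else a

def _build_sbox():
    """Derive the AES S-box: GF(2^8) inverse followed by the affine map."""
    sbox = [0] * 256
    p = q = 1                                                # invariant: p * q == 1
    while True:
        p = (p ^ (p << 1) ^ (0x1B if p & 0x80 else 0)) & 0xFF   # p *= 3
        q ^= q << 1                                              # q /= 3
        q ^= q << 2
        q ^= q << 4
        q &= 0xFF
        if q & 0x80:
            q ^= 0x09
        x = q | (q << 8)                  # doubled byte: x >> (8 - s) is q rotated left by s
        sbox[p] = ((x ^ (x >> 4) ^ (x >> 5) ^ (x >> 6) ^ (x >> 7)) & 0xFF) ^ 0x63
        if p == 1:
            break
    sbox[0] = 0x63                                           # 0 has no inverse
    return sbox

SBOX = _build_sbox()

def _expand_key(key):
    """AES-128 key schedule: 16-byte key -> eleven 16-byte round keys."""
    w = [list(key[i:i + 4]) for i in range(0, 16, 4)]
    rcon = 1
    for i in range(4, 44):
        t = list(w[i - 1])
        if i % 4 == 0:
            t = [SBOX[b] for b in t[1:] + t[:1]]                 # RotWord, SubWord
            t[0] ^= rcon
            rcon = _xtime(rcon)
        w.append([w[i - 4][j] ^ t[j] for j in range(4)])
    return [sum(w[4 * r:4 * r + 4], []) for r in range(11)]

def _encrypt_block(rk, block):
    """Encrypt one 16-byte block; the state is kept column-major like the input."""
    s = [b ^ k for b, k in zip(block, rk[0])]
    for rnd in range(1, 11):
        s = [SBOX[b] for b in s]                                             # SubBytes
        s = [s[4 * ((c + r) % 4) + r] for c in range(4) for r in range(4)]  # ShiftRows
        if rnd != 10:                                                        # MixColumns
            mixed = []
            for c in range(4):
                a0, a1, a2, a3 = s[4 * c:4 * c + 4]
                mixed += [_xtime(a0) ^ _xtime(a1) ^ a1 ^ a2 ^ a3,
                          a0 ^ _xtime(a1) ^ _xtime(a2) ^ a2 ^ a3,
                          a0 ^ a1 ^ _xtime(a2) ^ _xtime(a3) ^ a3,
                          _xtime(a0) ^ a0 ^ a1 ^ a2 ^ _xtime(a3)]
            s = mixed
        s = [b ^ k for b, k in zip(s, rk[rnd])]                              # AddRoundKey
    return bytes(s)

def partial_crypt(data, key=EMBEDDED_KEY, nonce=EMBEDDED_NONCE):
    """XOR only the first CHUNK bytes with an AES-CTR keystream; the tail is copied as-is.
    CTR mode is its own inverse, so the same call both encrypts and decrypts."""
    rk, head, ks = _expand_key(key), data[:CHUNK], bytearray()
    for counter in range((len(head) + 15) // 16):           # keystream = AES(nonce || counter)
        ks += _encrypt_block(rk, nonce + counter.to_bytes(8, "big"))
    return bytes(a ^ b for a, b in zip(head, ks)) + data[CHUNK:]

def recover_file(locked_path, key=EMBEDDED_KEY, nonce=EMBEDDED_NONCE):
    """Rewrite name.ext.locky as name.ext using the key lifted from the sample."""
    if not locked_path.endswith(LOCKY_EXT):
        raise ValueError("not a PowerWare-renamed file: " + locked_path)
    with open(locked_path, "rb") as f:
        locked = f.read()
    original = locked_path[:-len(LOCKY_EXT)]
    with open(original, "wb") as f:
        f.write(partial_crypt(locked, key, nonce))
    return original

def fips197_selftest():
    """FIPS-197 Appendix C.1 known-answer test for the AES-128 core."""
    rk = _expand_key(bytes.fromhex("000102030405060708090a0b0c0d0e0f"))
    ct = _encrypt_block(rk, bytes.fromhex("00112233445566778899aabbccddeeff"))
    return ct == bytes.fromhex("69c4e0d86a7b0430d8cdb78070b4c55a")

if __name__ == "__main__":
    assert fips197_selftest(), "AES core broken"
    doc = os.urandom(5000)                                  # constructed victim file
    with open("report.docx" + LOCKY_EXT, "wb") as f:
        f.write(partial_crypt(doc))                         # what the malware leaves behind
    print("recovered intact:", open(recover_file("report.docx" + LOCKY_EXT), "rb").read() == doc)
```

Two details an analyst cares about fall out of the model: everything past byte 2048 is untouched, so comparing the tail of a locked file with a clean copy confirms the window, and once the key is lifted from the script, recovery is the same operation as infection. A real sample that pads, or uses a different mode or IV scheme, needs the decryptor adjusted to match; the FIPS check only proves the AES core, not the mode.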

Infection by PowerWare takes place via a .NET file that launches a PowerShell script, which then searches the victim's computer for files.